Lucene search

[email protected]CVE-2005-2762

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-2762

2022-10-0316:22:49

[email protected]

web.nvd.nist.gov

avaya

vpnremote

4.2.33

credential theft

cleartext

security vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.7%

JSON

Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user’s credentials.

Affected configurations

NVD

Node

avayavpnremoteMatch4.2.23

avayavpnremoteMatch4.2.24

avayavpnremoteMatch4.2.26

avayavpnremoteMatch4.2.29

avayavpnremoteMatch4.2.30

avayavpnremoteMatch4.2.32

CPENameOperatorVersion
avaya:vpnremoteavaya vpnremoteeq4.2.23
avaya:vpnremoteavaya vpnremoteeq4.2.24
avaya:vpnremoteavaya vpnremoteeq4.2.26
avaya:vpnremoteavaya vpnremoteeq4.2.29
avaya:vpnremoteavaya vpnremoteeq4.2.30
avaya:vpnremoteavaya vpnremoteeq4.2.32

CPE	Name	Operator	Version
avaya:vpnremote	avaya vpnremote	eq	4.2.23
avaya:vpnremote	avaya vpnremote	eq	4.2.24
avaya:vpnremote	avaya vpnremote	eq	4.2.26
avaya:vpnremote	avaya vpnremote	eq	4.2.29
avaya:vpnremote	avaya vpnremote	eq	4.2.30
avaya:vpnremote	avaya vpnremote	eq	4.2.32

References

support.avaya.com/elmodocs2/security/ASA-2005-230.pdf

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2005-2762

cvelist1 nvd1